# Create a people server
#
#
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=people"

- name: make the box be real
  hosts: people
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:

  - name: mount project volume
    mount: >
        name=/project
        src=/dev/mapper/GuestVolGroup00-project
        fstype=xfs
        opts="noatime,noexec,nosuid,nodev"
        passno=0
        dump=0
        state=mounted
    tags:
    - mount

  - name: mount srv volume
    mount: >
        name=/srv
        src=/dev/mapper/GuestVolGroup00-srv
        fstype=xfs
        opts="usrquota,gqnoenforce,noatime,noexec,nosuid,nodev"
        passno=0
        dump=0
        state=mounted
    tags:
    - mount

  - name: create /srv/home directory
    file: path=/srv/home state=directory owner=root group=root

  - name: bind mount home volume
    mount: >
        name=/home
        src=/srv/home
        fstype=none
        opts=bind
        passno=0
        dump=0
        state=mounted
    tags:
    - mount

  roles:
  - base
  - collectd/base
  - fas_client
  - hosts
  - nagios_client
  - rkhunter
  - rsyncd
  - sudo
  - { role: openvpn/client, when: env != "staging" }
  - cgit/base
  - cgit/clean_lock_cron
  - cgit/make_pkgs_list
  - clamav
  - planet
  - fedmsg/base
  - git/server

  - role: apache

  - role: httpd/certificate
    certname: wildcard-2017.fedorapeople.org
    SSLCertificateChainFile: wildcard-2017.fedorapeople.org.intermediate.cert

  - people

  tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
